Skip to main content
CVE-2024-8503 CRITICAL POC THREAT Act Now

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2024-45409 CRITICAL POC PATCH THREAT Act Now

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Ruby Saml Omniauth Saml Gitlab
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-44893 CRITICAL POC Act Now

An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Jimureport
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44677 CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45032 CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-38194 CRITICAL PATCH Act Now

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Web Apps
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2024-8191 CRITICAL Act Now

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2024-43491 CRITICAL PATCH Act Now

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2024-38240 CRITICAL PATCH Act Now

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-38225 CRITICAL PATCH Act Now

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Dynamics 365 Business Central
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37980 CRITICAL Act Now

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37341 CRITICAL PATCH Act Now

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-21416 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-45595 CRITICAL PATCH Act Now

D-Tale is a visualizer for Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8654 CRITICAL Act Now

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39583 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-39581 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-6596 CRITICAL Act Now

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Echo Curve Viewer Fieldcare Sfe500 Package Field Xpert Smt79 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6342 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-35783 CRITICAL Act Now

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-41171 CRITICAL Act Now

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-33698 CRITICAL Act Now

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-44087 CRITICAL Act Now

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions <. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service
NVD
CVSS 4.0
9.2
EPSS
10.6%
CVE-2024-43040 CRITICAL Act Now

Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-38220 CRITICAL PATCH Act Now

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2024-38216 CRITICAL PATCH Act Now

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy